[Jool-list] netfilter mode question or bug

Fatih USTA fatihusta86 at gmail.com
Sun Dec 22 03:23:32 CST 2019 

Wow, you are so fast. I will be test.

I think maybe like this feature can be add.

Realtime

jool trace [FILTER OPTIONS]
--src IPv4,IPv6
--dst IPv4,IPv6
--tcp
--udp
--icmp
--alg ftp|sip #future


$ jool trace --tcp
id=11111 namespace=748484488 instance=default src=192.0.2.1 dst=2001:db8::
192.0.2.1 sport=333 dport=444 proto=tcp action=nat46 nataddr=2001:db8::a
mtu=1400 tos=3 eamt=no blacklist=no bib=no  .... other matched options

On Sat, Dec 21, 2019, 02:31 Alberto Leiva <ydahhrk at gmail.com> wrote:

> First draft:
> https://nicmx.github.io/Jool/en/usr-flags-global.html#trace
>
> the flag can be found in the latest commit in the master branch:
> https://github.com/NICMx/Jool
>
> On Fri, Dec 20, 2019 at 1:01 PM Alberto Leiva <ydahhrk at gmail.com> wrote:
> >
> > Please note that you might need to update that page in case your
> > browser cached it, because I just updated it.
> >
> > On Fri, Dec 20, 2019 at 1:00 PM Alberto Leiva <ydahhrk at gmail.com> wrote:
> > >
> > > Currently, there is no tracing configuration flag. If you want, I can
> add it.
> > >
> > > For now, the closest thing is enabling debugging:
> > > https://nicmx.github.io/Jool/en/logging.html
> > >
> > > On Fri, Dec 20, 2019 at 12:12 AM Fatih USTA <fatihusta86 at gmail.com>
> wrote:
> > > >
> > > >
> > > > I rebooted my system and it worked. But I don't understand why?
> > > > One more question. How can I trace traffic inside jool like "iptables
> > > > TRACE" for debugging.
> > > >
> > > > BTW:
> > > > jool netfilter/iptables worked without reboot.
> > > >
> > > >
> > > > Thanks.
> > > >
> > > > Fatih USTA
> > > >
> > > > On 19.12.2019 19:11, Alberto Leiva wrote:
> > > > > Did you try printing stats?
> > > > > https://jool.mx/en/usr-flags-stats.html
> > > > >
> > > > > If Jool is the one dropping the packets, they should tell you why.
> > > > >
> > > > > On Thu, Dec 19, 2019 at 9:46 AM Alberto Leiva <ydahhrk at gmail.com>
> wrote:
> > > > >> I hate to be asking this question but, did you try rebooting and
> doing
> > > > >> a clean run?
> > > > >>
> > > > >> Because it works fine for me, even in my 32/64-bit hybrid...
> > > > >>
> > > > >> On Thu, Dec 19, 2019 at 4:54 AM Fatih USTA <fatihusta86 at gmail.com>
> wrote:
> > > > >>>
> > > > >>> Hi
> > > > >>>
> > > > >>> I'm following this(https://www.jool.mx/en/run-vanilla.html)
> guide.
> > > > >>> IPTables mode working, but netfilter mode doesn't work. What am I
> > > > >>> missing? or is this a bug?
> > > > >>>
> > > > >>>
> > > > >>> jool_siit -V
> > > > >>> 4.0.6.2 i386
> > > > >>>
> > > > >>> ip{6}tables -V
> > > > >>> v1.6.0 i386
> > > > >>>
> > > > >>> uname -rm
> > > > >>> 3.16.76-4.custom x86_64
> > > > >>>
> > > > >>>
> > > > >>> PC1[eth0] <=>[eth1]Tranlator[eth2]<=>[eth0]PC2
> > > > >>>
> > > > >>>
> > > > >>> #PC1
> > > > >>> ip addr add 10.200.200.220/23 dev eth0
> > > > >>> ip route add 10.100.100.0/24 via 10.200.200.16
> > > > >>>
> > > > >>> #Translator
> > > > >>> ip addr add 10.200.200.16/23 dev eth1
> > > > >>> ip addr add 2001:db8:a::10.100.100.2/120 dev eth2
> > > > >>>
> > > > >>> sysctl -w net.ipv4.conf.all.forwarding=1
> > > > >>> sysctl -w net.ipv6.conf.all.forwarding=1
> > > > >>>
> > > > >>>
> > > > >>> ethtool --offload eth1 gro off
> > > > >>> ethtool --offload eth2 gro off
> > > > >>>
> > > > >>> lro already fixed off by kernel.
> > > > >>>
> > > > >>>
> > > > >>> jool_siit instance add default --netfilter --pool6
> 2001:db8:a::/96
> > > > >>>
> > > > >>>
> > > > >>> #PC2
> > > > >>> ip add add 2001:db8:a::10.100.100.11/120 dev eth0
> > > > >>> ip route add 2001:db8:a::10.200.200.0/119 via
> 2001:db8:a::10.100.100.2
> > > > >>>
> > > > >>>
> > > > >>>
> > > > >>> #Result of netfilter (on Translator)
> > > > >>>
> > > > >>> PC1>PC2
> > > > >>> 12:44:12.234494 IP 10.200.200.220 > 10.100.100.11: ICMP echo
> request, id
> > > > >>> 9806, seq 1, length 64
> > > > >>> 12:44:12.234647 IP 10.200.200.16 > 10.200.200.220: ICMP net
> > > > >>> 10.100.100.11 unreachable, length 92
> > > > >>> 12:44:13.255748 IP 10.200.200.220 > 10.100.100.11: ICMP echo
> request, id
> > > > >>> 9806, seq 2, length 64
> > > > >>> 12:44:13.255825 IP 10.200.200.16 > 10.200.200.220: ICMP net
> > > > >>> 10.100.100.11 unreachable, length 92
> > > > >>> 12:44:14.279628 IP 10.200.200.220 > 10.100.100.11: ICMP echo
> request, id
> > > > >>> 9806, seq 3, length 64
> > > > >>> 12:44:14.279704 IP 10.200.200.16 > 10.200.200.220: ICMP net
> > > > >>> 10.100.100.11 unreachable, length 92
> > > > >>>
> > > > >>>
> > > > >>>
> > > > >>> -- Fatih USTA
> > > > >>> _______________________________________________
> > > > >>> Jool-list mailing list
> > > > >>> Jool-list at nic.mx
> > > > >>> https://mail-lists.nic.mx/listas/listinfo/jool-list
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail-lists.nic.mx/pipermail/jool-list/attachments/20191222/4591cd71/attachment.html>

More information about the Jool-list mailing list